IE10 under attack as hackers exploit zero-day bug

FireEye today said it had discovered that attackers are actively exploiting a new, unpatched vulnerability in Internet Explorer 10.

From Computerworld:

Microsoft confirmed the Milpitas, Calif. security company's report.

"Microsoft is aware of targeted attacks against Internet Explorer, currently targeting customers using Internet Explorer 10," a Microsoft spokesperson said via email. "We are investigating and we will take appropriate actions to help protect customers."

FireEye's disclosure came just two days after Microsoft patched every edition of IE with a large update that fixed 24 flaws, 15 of which applied to IE10. The IE update, which was not originally on this week's Patch Tuesday slate, was added at the last minute by Microsoft, which said it had completed testing of the repairs in time to make the cut.